I spoke with Brett Lewis at Freedom Scientific and he agreed with the solution that if a password role were applied that rather that echoing they keys typed or speaking stars for each character typed that they need to echo the character *rendered*. He also had no issues with making this an author MUST for ATs because of the security issues. Users will also need to be made aware that if they run across a password field and the characters spoken, while typing, match their password that there are exposed to a security risk. So, the net, net of this is that if we can get the ATVs to agree to this then this would solve all the issues related to a role=“password”. Rich Rich Schwerdtfeger > On Mar 29, 2016, at 4:01 PM, Joseph Scheuhammer <clown@alum.mit.edu> wrote: > > On 2016-03-29 1:10 PM, Cynthia Shelly wrote: >> The password role does not prevent accessing the content of the >> password field from script. > > Somewhat tangential, but the same is true for an html5 password > <input>. Its @value attribute contains the password in plain text. > > -- > ;;;;joseph. > > 'Die Wahrheit ist Irgendwo da Draußen. Wieder.' > - C. Carter - >
Received on Thursday, 31 March 2016 16:21:26 UTC